Skip to content
Deploy lambda

feat(infrastructure): setup ci for lambda #22

Sign in to view logs

feat(infrastructure): setup ci for lambda

feat(infrastructure): setup ci for lambda #22

Workflow file for this run

.github/workflows/deploy-lambda.yml at 0a90ed6
name: Deploy lambda
on:
pull_request:
push:
branches:
- dev
- main
workflow_dispatch:
env:
TERRAFORM_ROOT: terraform/lambda
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
PNPM_VERSION: 8.13.1
TF_CLOUD_ORGANIZATION: "luke-h1"
TF_API_TOKEN: ${{ secrets.TF_API_TOKEN }}
jobs:
deploy-staging:
runs-on: ubuntu-latest
name: Deploy lambda to staging
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
steps:
# https://github.com/actions/virtual-environments/issues/1187
- name: tune linux network
run: sudo ethtool -K eth0 tx off rx off
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.head_ref }}
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v3
with:
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws-region: eu-west-2
mask-aws-account-id: true
- name: Setup pnpm
uses: pnpm/action-setup@v2
with:
version: ${{ env.PNPM_VERSION }}
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version-file: .nvmrc
cache: pnpm
- name: Get pnpm store directory
shell: bash
run: |
echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
- uses: actions/cache@v3
name: Setup pnpm cache
with:
path: ${{ env.STORE_PATH }}
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-
- name: Cache turbo build setup
uses: actions/cache@v4
with:
path: .turbo
key: ${{ runner.os }}-turbo-${{ github.sha }}
restore-keys: |
${{ runner.os }}-turbo-
- uses: pnpm/action-setup@v2
name: Install pnpm
with:
version: ${{ env.PNPM_VERSION }}
run_install: false
- name: Install dependencies
run: pnpm i
- uses: actions/labeler@v4
with:
sync-labels: true
- name: Check commit message
run: pnpm commitlint --from=HEAD^1
- name: format:check
run: pnpm format:check
- name: lint
run: pnpm lint
- name: jest
run: pnpm test
- name: tsc
run: pnpm tsc
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v3
with:
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws-region: eu-west-2
mask-aws-account-id: true
- name: Terraform init
id: init
# run: terraform init
run: terraform init -backend-config="region=eu-west-2" -backend-config="bucket=nowplaying-staging-terraform-state" -backend-config="key=vpc/staging.tfstate" -input=false
working-directory: ${{ env.TERRAFORM_ROOT }}
- name: terraform workspace select
run: terraform workspace select -or-create staging
working-directory: ${{ env.TERRAFORM_ROOT }}
- name: Terraform fmt -check
id: fmt
run: terraform fmt -check
working-directory: ${{ env.TERRAFORM_ROOT }}
- name: Terraform validate
id: validate
run: terraform validate
working-directory: ${{ env.TERRAFORM_ROOT }}
- name: Upload Configuration
uses: hashicorp/tfc-workflows-github/actions/upload-configuration@v1.0.0
id: plan-upload
with:
workspace: nowplaying-staging
directory: ${{ env.TERRAFORM_ROOT }}
speculative: true
- name: build lambda
run: ./scripts/build-lambda.sh
- name: Create Plan Run
uses: hashicorp/tfc-workflows-github/actions/create-run@v1.0.0
id: plan-run
with:
workspace: nowplaying-staging
configuration_version: ${{ steps.plan-upload.outputs.configuration_version_id }}
plan_only: true
message: "Plan Run from GitHub Actions CI ${{ github.sha }}"
- name: Update PR
uses: actions/github-script@v6
id: plan-outcome
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
// 1. Retrieve existing bot comments for the PR
const { data: comments } = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
});
const botComment = comments.find(comment => {
return comment.user.type === 'Bot' && comment.body.includes('Terraform Cloud Plan Output')
});
const output = `#### Terraform Cloud Plan Output
\`\`\`
Plan: ${{ steps.plan-output.outputs.add }} to add, ${{ steps.plan-output.outputs.change }} to change, ${{ steps.plan-output.outputs.destroy }} to destroy.
\`\`\`
[Terraform Cloud Plan](${{ steps.plan-run.outputs.run_link }})
`;
// 3. Delete previous comment so PR timeline makes sense
if (botComment) {
github.rest.issues.deleteComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: botComment.id,
});
}
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
});
- name: Terraform Plan Status
if: steps.plan.outcome == 'failure'
run: exit 1
- name: Upload Configuration
uses: hashicorp/tfc-workflows-github/actions/upload-configuration@v1.0.0
id: apply-upload
with:
workspace: nowplaying-staging
directory: ${{ env.TERRAFORM_ROOT }}
- name: Create Apply Run
uses: hashicorp/tfc-workflows-github/actions/create-run@v1.0.0
id: apply-run
with:
workspace: nowplaying-staging
configuration_version: ${{ steps.apply-upload.outputs.configuration_version_id }}
- name: Apply
uses: hashicorp/tfc-workflows-github/actions/apply-run@v1.0.0
if: fromJSON(steps.apply-run.outputs.payload).data.attributes.actions.IsConfirmable
id: apply
with:
run: ${{ steps.apply-run.outputs.run_id }}
comment: "Apply Run from GitHub Actions CI ${{ github.sha }}"